"We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution."

"Many of our customers have serious concerns about government surveillance of the Internet. We share their concerns. That's why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data."

With those words, Microsoft general counsel Brad Smith announced the three-pronged countermeasures his company is implementing to foil government surveillance, which he dubbed an "advanced persistent threat" on the same level as malware and cyber-attacks: all-encompassing encryption, "reinforced" legal protections, and enhanced source code transparency.

While Yahoo and Google were the only two companies explicitly fingered in that report (and have since bolstered their own security efforts), Microsoft is taking steps to prevent similar intrusions.

"The idea that the government may be hacking into corporate data centers was a bit like an earthquake, sending shock waves across the tech sector," Smith told The New York Times. "We concluded that we better assume that there might be such an attempt at Microsoft, or has already been."

The plan

Going forward, Microsoft promises to encrypt all of Microsoft's "key platform, productivity, and communications services"--Outlook.com, Office 365, SkyDrive, and Windows Azure are listed as specific examples--to protect data as it's transferred between Microsoft and its customers, as well as the connections between Microsoft's own data centers. The company also promises to encrypt customer content stored on Microsoft servers, and plans to work with other companies to ensure data moving between services stays secure.

Without getting specific, Smith says many of those protections are in place now, and all will be in effect by the end of 2014. The encryption itself will be "best-in-class industry cryptography," including Perfect Forward Secrecy and 2048-bit RSA key lengths, two technologies that Twitter and Google also respectively implemented in recent months to foil NSA snooping.

Bolstering that, the chair of the Internet Engineering Task Force group developing HTTP 2.0 recently announced that the next-gen protocol will also only work with HTTPS-encrypted URLs.

More lawyers, more openness

The other countermeasures Microsoft is taking have less direct impact on everyday users, but will reassure the company's corporate and government clients.

Smith says the company will notify "business and government customers"--note that consumers are explicitly not mentioned--if the government issues legal orders for their data, and Microsoft will challenge any gag orders it receives if the government attempts to block Microsoft from informing users about the requests. The ongoing legal fallout from secret government information requests shows those challenges won't always be successful, but hey--at least they're trying.